Compliance officers operate where the rubber meets the road, where regulatory requirements are
translated into specific controls over business
conduct. We are experts at operationalizing
policies and procedures. As
technology has transformed the way
business is done, it is no surprise that
Compliance departments have had to
make adjustments to align operations
with compliance requirements. Now,
Compliance departments are perfectly
situated to address new challenges
posed by the new risks technology
creates, including data security and privacy.
The financial industry has been a
compliance leader in this area because of
Financial Industry Regulatory Authority
regulations that apply to electronic
communications and social media and, more
recently, requirements imposed by the New
York Department of Financial Services.1 Other
industries are behind the curve but, faced
with quickly growing risks and regulatory
demands, are working hard to catch up.

Risk sources and regulatory demands
Companies are facing risks from criminals
and hackers as well as increasing regulatory
expectations. Compliance is a natural
partner for the Information Technology (IT)
department to address these very real dangers.
In this age of technology driving business
operations, hackers are getting increasingly
creative, creating serious risks and potentially
devastating harm to large and small
businesses alike. From basic ransomware
attacks to full-out assaults designed to collect
sensitive personal and financial information,
businesses must embrace compliance and
defensive solutions to prevent devastating
attacks. Last year, businesses such as
HBO, Anthem, Experian, and many others

Technology risk assessment for compliance: Data privacy and
» Theft, ransomware, and increasing regulatory expectations are making smart technology management a requirement.
» Compliance department professionals are uniquely well‑situated to address new risks posed by technology and a natural
ally for Information Technology departments.
» A technology risk assessment is the starting point to evaluate what steps you should be taking.
» A technology risk assessment should include a review of social media, security, remote access, data privacy, record
retention, and third‑party vendors.
» Technology‑related risks should be mitigated using tools familiar to compliance professionals: policies and procedures,
training, roles and responsibilities, and monitoring and auditing.
by Lauren Connell
Lauren Connell (firstname.lastname@example.org) is Managing Associate at The
Volkov Law Group in New York, NY.